Trunk Reproducible crash when clicking on Back [@ nsGfxScrollFrameInner::GetScrollableView]

VERIFIED FIXED

Status

()

Core
Layout
--
critical
VERIFIED FIXED
14 years ago
7 years ago

People

(Reporter: Vincent Lefevre, Unassigned)

Tracking

({crash, topcrash})

Trunk
crash, topcrash
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(crash signature, URL)

(Reporter)

Description

14 years ago
User-Agent:       Mozilla/5.0 (X11; U; Linux ppc; en-US; rv:1.8a4) Gecko/20040916
Build Identifier: Mozilla/5.0 (X11; U; Linux ppc; en-US; rv:1.8a4) Gecko/20040916

When clicking on Back in the case below, Mozilla crashes (segmentation fault).

Reproducible: Always
Steps to Reproduce:
1. Open the above URL.
2. Click on the chapter 3 (Presentation Markup).
3. Click on the Back button.
Actual Results:  
Mozilla crashes (segmentation fault).

Expected Results:  
Mozilla should have displayed the page that it successfully displayed first.

The crash can be reproduced with my local web server (where I have these pages)
and here's the backtrace:

(gdb) backtrace 
#0  0x0f41cba0 in kill () from /lib/libc.so.6
#1  0x0fe428cc in pthread_kill () from /lib/libpthread.so.0
#2  0x0fe42d48 in raise () from /lib/libpthread.so.0
#3  0x0e1bc394 in NSGetModule ()
   from /home/lefevre/mozilla/lib/mozilla-1.8a4/components/libprofile.so
#4  0x0fe45af8 in __pthread_sighandler () from /lib/libpthread.so.0
#5  <signal handler called>
#6  0x0e88b94c in nsGfxScrollFrameInner::GetScrollableView ()
   from /home/lefevre/mozilla/lib/mozilla-1.8a4/components/libgklayout.so
#7  0x0e88b934 in nsGfxScrollFrameInner::GetScrollableView ()
   from /home/lefevre/mozilla/lib/mozilla-1.8a4/components/libgklayout.so
#8  0x0e88d830 in non-virtual thunk to
nsHTMLScrollFrame::SaveState(nsPresContext*, nsIPresState**) ()
   from /home/lefevre/mozilla/lib/mozilla-1.8a4/components/libgklayout.so
#9  0x0e887608 in nsIFrame::IsFocusable ()
   from /home/lefevre/mozilla/lib/mozilla-1.8a4/components/libgklayout.so
#10 0x0e90991c in nsCSSFrameConstructor::InitAndRestoreFrame ()
   from /home/lefevre/mozilla/lib/mozilla-1.8a4/components/libgklayout.so
#11 0x0e9083f0 in nsCSSFrameConstructor::BeginBuildingScrollFrame ()
   from /home/lefevre/mozilla/lib/mozilla-1.8a4/components/libgklayout.so
#12 0x0e904748 in nsCSSFrameConstructor::ConstructRootFrame ()
   from /home/lefevre/mozilla/lib/mozilla-1.8a4/components/libgklayout.so
#13 0x0e8b86fc in non-virtual thunk to PresShell::RepaintSelection(short) ()
   from /home/lefevre/mozilla/lib/mozilla-1.8a4/components/libgklayout.so
#14 0x0e9b1f0c in nsContentSink::StartLayout ()
   from /home/lefevre/mozilla/lib/mozilla-1.8a4/components/libgklayout.so
#15 0x0eb35ce8 in nsXMLContentSink::StartLayout ()
   from /home/lefevre/mozilla/lib/mozilla-1.8a4/components/libgklayout.so
#16 0x0eb34534 in non-virtual thunk to
nsXMLContentSink::OnDocumentCreated(nsIDOMDocument*) ()
   from /home/lefevre/mozilla/lib/mozilla-1.8a4/components/libgklayout.so
#17 0x0cfc8f74 in NSGetModule ()
   from /home/lefevre/mozilla/lib/mozilla-1.8a4/components/libtransformiix.so
#18 0x0cfc8d20 in NSGetModule ()
   from /home/lefevre/mozilla/lib/mozilla-1.8a4/components/libtransformiix.so
#19 0x0eaed8a8 in CSSLoaderImpl::SheetComplete ()
   from /home/lefevre/mozilla/lib/mozilla-1.8a4/components/libgklayout.so
#20 0x0eaed744 in CSSLoaderImpl::ParseSheet ()
   from /home/lefevre/mozilla/lib/mozilla-1.8a4/components/libgklayout.so
#21 0x0eaebcfc in SheetLoadData::GetReferrerURI ()
   from /home/lefevre/mozilla/lib/mozilla-1.8a4/components/libgklayout.so
#22 0x0eda59f4 in NSGetModule ()
   from /home/lefevre/mozilla/lib/mozilla-1.8a4/components/libnecko.so
#23 0x0ee14294 in NSGetModule ()
   from /home/lefevre/mozilla/lib/mozilla-1.8a4/components/libnecko.so
#24 0x0ed897b4 in NSGetModule ()
   from /home/lefevre/mozilla/lib/mozilla-1.8a4/components/libnecko.so
#25 0x0ed89350 in NSGetModule ()
   from /home/lefevre/mozilla/lib/mozilla-1.8a4/components/libnecko.so
#26 0x0efc4e50 in nsInputStreamReadyEvent::EventHandler ()
   from /home/lefevre/mozilla/lib/mozilla-1.8a4/libxpcom.so
#27 0x0efde40c in PL_HandleEvent ()
   from /home/lefevre/mozilla/lib/mozilla-1.8a4/libxpcom.so
#28 0x0efde334 in PL_ProcessPendingEvents ()
   from /home/lefevre/mozilla/lib/mozilla-1.8a4/libxpcom.so
#29 0x0efe0368 in nsEventQueueImpl::NotifyObservers ()
   from /home/lefevre/mozilla/lib/mozilla-1.8a4/libxpcom.so
#30 0x0e23ba40 in nsBaseWidget::FreeNativeData ()
   from /home/lefevre/mozilla/lib/mozilla-1.8a4/components/libwidget_gtk2.so
#31 0x0f841524 in g_vasprintf () from /usr/lib/libglib-2.0.so.0
#32 0x0f817c98 in g_main_depth () from /usr/lib/libglib-2.0.so.0
#33 0x0f8191dc in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#34 0x0f8195ac in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#35 0x0f819db8 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#36 0x0fc24278 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#37 0x0e23bfb0 in nsAppShell::ReleaseGlobals ()
   from /home/lefevre/mozilla/lib/mozilla-1.8a4/components/libwidget_gtk2.so
#38 0x0e392528 in ?? ()
   from /home/lefevre/mozilla/lib/mozilla-1.8a4/components/libnsappshell.so

Comment 1

14 years ago
(gdb) fr 7
#7  0x40f66a30 in nsGfxScrollFrameInner::GetScrollableView() const
(this=0x8768cd8) at nsGfxScrollFrame.cpp:1544
1544      mScrollAreaBox->GetFrame(&frame);
(gdb) p mScrollAreaBox
$1 = (nsIBox *) 0x0
Assignee: general → nobody
Status: UNCONFIRMED → NEW
Component: Browser-General → Layout
Ever confirmed: true
Keywords: crash
QA Contact: general → core.layout
Hardware: Macintosh → All
Summary: Reproducible crash when clicking on Back → Reproducible crash when clicking on Back [@ nsGfxScrollFrameInner::GetScrollableView]

Comment 2

14 years ago
crash: TB890971Q
Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8a4) Gecko/20040919
OS: Linux → All

Comment 3

14 years ago
My browser doesn't crashed - linux, 1.7.3 self compiled

Mozilla 1.7.3
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20040919

about:buildconfig

Build platform
target
i686-pc-linux-gnu

Build tools
Compiler 	Version 	Compiler flags
gcc 	gcc version 3.3.4 (Debian 1:3.3.4-6sarge1) 	-Wall -W -Wno-unused
-Wpointer-arith -Wcast-align -Wno-long-long -pthread -pipe
c++ 	gcc version 3.3.4 (Debian 1:3.3.4-6sarge1) 	-fno-rtti -fno-exceptions -Wall
-Wconversion -Wpointer-arith -Wcast-align -Woverloaded-virtual -Wsynth
-Wno-ctor-dtor-privacy -Wno-non-virtual-dtor -Wno-long-long -fshort-wchar
-pthread -pipe -I/usr/X11R6/include

Configure arguments
--with-x --disable-gtktest --enable-calendar --enable-xft --enable-crypto
--enable-xinerama --disable-tests --disable-debug
'--enable-optimize=-march=pentium4\ -mfpmath=sse\ -fomit-frame-pointer\
-ffast-math\ -O3' --disable-logging --enable-reorder --enable-strip
--enable-timeline --enable-xterm-updates --disable-pedantic
(Reporter)

Comment 4

14 years ago
I get the same crash on another machine (Linux/x86) with the trunk version
(compiled by myself). On the same machine, mo problem with mozilla-1.7.2 from
Debian. It seems that only the trunk is affected.
Looks like a duplicate of bug 260624 (which got fixed today).  Please test
tomorrow's trunk build?
Depends on: 260624
(Reporter)

Comment 6

14 years ago
Yes, this is fixed.
Status: NEW → RESOLVED
Last Resolved: 14 years ago
Resolution: --- → FIXED

Comment 7

14 years ago
This was a short-lived regression that popped up on 9/19 and went away after the
9/20 builds.  The fix for 260624 looks good.  Marking this verified per Talkback
data.
Status: RESOLVED → VERIFIED
Keywords: topcrash
Summary: Reproducible crash when clicking on Back [@ nsGfxScrollFrameInner::GetScrollableView] → Trunk Reproducible crash when clicking on Back [@ nsGfxScrollFrameInner::GetScrollableView]
(Assignee)

Updated

7 years ago
Crash Signature: [@ nsGfxScrollFrameInner::GetScrollableView]
You need to log in before you can comment on or make changes to this bug.